CVE-2015-1271: Buffer Overflow
First published: Thu Jul 23 2015(Updated: )
PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openSUSE | =13.1 | |
| openSUSE | =13.2 | |
| Google Chrome | <=43.0.2357.134 | |
| Debian GNU/Linux | =8.0 | |
| redhat enterprise linux desktop supplementary | =6.0 | |
| Red Hat Enterprise Linux Server Supplementary | =6.0 | |
| Red Hat Enterprise Linux Server Supplementary EUS | =6.7z | |
| Red Hat Enterprise Linux Workstation Supplementary | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html
- http://rhn.redhat.com/errata/RHSA-2015-1499.html
- http://www.debian.org/security/2015/dsa-3315
- http://www.securityfocus.com/bid/75973
- http://www.securitytracker.com/id/1033031
- https://code.google.com/p/chromium/issues/detail?id=446032
- https://codereview.chromium.org/1226403008
- https://security.gentoo.org/glsa/201603-09
Frequently Asked Questions
What is the severity of CVE-2015-1271?
CVE-2015-1271 has a severity rating that indicates it can lead to a denial of service due to a heap-based buffer overflow.
How do I fix CVE-2015-1271?
Update Google Chrome to version 44.0.2403.89 or later, and ensure your operating system packages are up to date according to vendor advisories.
What versions of Google Chrome are affected by CVE-2015-1271?
CVE-2015-1271 affects Google Chrome versions before 44.0.2403.89.
Are there any affected Linux distributions for CVE-2015-1271?
Yes, affected distributions include openSUSE 13.1, 13.2, Debian 8.0, and various Red Hat Enterprise Linux versions.
What type of vulnerability is CVE-2015-1271 categorized as?
CVE-2015-1271 is categorized as a denial of service vulnerability due to improper handling of out-of-memory conditions.
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/opensuse
- canonical/opensuse
- version/opensuse/13.1
- version/opensuse/13.2
- vendor/google
- canonical/google chrome
- version/google chrome/43.0.2357.134
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/8.0
- vendor/redhat
- canonical/redhat enterprise linux desktop supplementary
- version/redhat enterprise linux desktop supplementary/6.0
- canonical/red hat enterprise linux server supplementary
- version/red hat enterprise linux server supplementary/6.0
- canonical/red hat enterprise linux server supplementary eus
- version/red hat enterprise linux server supplementary eus/6.7z
- canonical/red hat enterprise linux workstation supplementary
- version/red hat enterprise linux workstation supplementary/6.0